CVE-2012-2837

Name of the Vulnerable Software and Affected Versions libexif versions prior to 0.6.21 libexif-0.6.21 libexif-devel versions prior to 0.6.21 libexif-devel-0.6.21 libexif-64bit versions prior to 0.6.21 libexif-32bit versions prior to 0.6.21 libexif-debuginfo-0.6.21

Description The issue concerns multiple vulnerabilities in the libexif package, which can lead to a disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. Specifically, the mnote olympus entry get value function in the EXIF Tag Parsing Library allows remote attackers to cause a denial of service (divide-by-zero error) via an image with crafted EXIF tags.

Recommendations For libexif versions prior to 0.6.21, update to version 0.6.21 or later. For libexif-0.6.21, update to a version later than 0.6.21. For libexif-devel versions prior to 0.6.21, update to version 0.6.21 or later. For libexif-devel-0.6.21, update to a version later than 0.6.21. For libexif-64bit versions prior to 0.6.21, update to version 0.6.21 or later. For libexif-32bit versions prior to 0.6.21, update to version 0.6.21 or later. For libexif-debuginfo-0.6.21, update to a version later than 0.6.21. As a temporary workaround, consider disabling the mnote olympus entry get value function until a patch is available.